# About Swedish BankID

Swedish BankID is a method of secure digital electronic identification and signing. Individuals who have a Swedish national identification number (personnummer) can obtain BankID through their bank.

# Use cases

If you are not so familiar with how BankID is used, here are some typical use cases:

  • Identity proofing: To become a customer of a bank, you have to register as a user for the first time. To prove your identity, you can choose to use BankID, among others, as an ID method.

  • Authentication: As a registered customer with a bank, you will be able to apply for a loan. To be able to log in to your bank, you have to authenticate to prove your identity. BankID can be used for authentication, the same way it can be used for registering as a new customer.

  • Signing: You can use BankID to electronically sign one or more documents, for example a loan application in a bank.

Technically, you use the same service for these use cases. However, you should consider how you set the ID method up in the total user flow. For example, onboarding a new customer is a one-time occurrence, while authentication is a repetitive action for the customer. You may set up a simpler user flow for recurring authentications. Of course, this depends on the required level of assurance for the services you offer.

Note

If BankID is used for identity proofing during the initial user onboarding, issuing alternative credentials afterwards (also known as ID switch) is not allowed. BankID must then also be used for all subsequent authentications.

For technical integration details:

# Authentication flow

Signicat provides two main flow options for BankID: remote (confirmation on another device) or local (confirmation on the same device). Both options assume the user has already installed the BankID app on the device where the authentication is performed.

For details about how to configure the different flows, see Select protocol and configure.

# "Remote" confirmation with QR code scan

The QR option is normally used when the user starts on a website for desktop. In this case, the user is asked to open the BankID app to scan the displayed QR code with their mobile device:


The link below the QR code allows the user to switch over to authenticate themselves via the same device (see the next section).

# "Local" confirmation on the same device

In this option, the user is asked to start the BankID app and authenticate on the same (current) device. It can be used on both mobile and desktop, but it is normally used in a mobile flow, since very few users have the BankID app installed on their desktop.


# Phone flow

The Phone flow is usually initiated while a customer is talking with your customer service operator over the phone and you want to verify that the caller is actually who they claim to be. Examples of use cases could be:

  • A bank customer calls your bank and wants to transfer money from their account to another account. Your customer service operator then wants to verify the identity of the caller before they start the transaction.
  • An employee calls their payroll department to check if their salary is correct. Then the payroll operator wants to verify the identity of the employee before they give any details about the salary.

The phone call can be initiated either by your customer (user) or by your customer service operator. The call can be either live or via IVR (Interactive Voice Response).

The phone flow consists of the following main steps:

  1. The Phone flow starts with the customer service operator entering the personal identification number of the customer:

Phone flow start

Note

The above screen is only displayed for your customer service operator (usually on a desktop). The user will never see this screen.

  2. The operator chooses if the call was initiated by the User (customer) or the Operator (customer service).
  3. Once the operator has selected Continue, the Swedish BankID app will appear on the user's mobile screen with a security check (yes/no) question.

Phone flow on mobile

  4. If the user selects Yes, they are presented with a screen where they can identify themselves with a security code or biometrics. If the user selects No, they get an option to cancel the identification.
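Because the Phone flow starts from a personal identification number typed by the operator, it is worth rejecting malformed input before any BankID request is sent, and, given the ID-switch rule above, comparing the national identity number returned by later authentications with the one bound at onboarding. The following is an added example and not Signicat's or BankID's code: it validates a Swedish personnummer (12- or 10-digit form, `-` or `+` separator, coordination numbers, Luhn check digit) and normalises two numbers for comparison; the function names and the sample value `811228-9874` (a constructed demonstration number) are assumptions of this example.

```python
import re
from datetime import date
from typing import Optional

# Constructed sample values for this example, not real persons.
SAMPLE_VALID = "811228-9874"
SAMPLE_BAD_CHECK_DIGIT = "811228-9875"

def luhn_check_digit(digits9: str) -> int:
    """Check digit for a personnummer, computed over YYMMDDNNN (century excluded)."""
    total = 0
    for i, ch in enumerate(digits9):
        n = int(ch) * (2 if i % 2 == 0 else 1)   # weights 2,1,2,1,... from the left
        total += n - 9 if n > 9 else n           # digit sum of products above 9
    return (10 - total % 10) % 10

def normalize_personnummer(value: str) -> Optional[str]:
    """Return the 10-digit YYMMDDNNNC form (century and separator dropped), or None."""
    m = re.fullmatch(r"(?:\d{2})?(\d{6})[-+]?(\d{4})", value.strip())
    return m.group(1) + m.group(2) if m else None

def is_valid_personnummer(value: str, today: Optional[date] = None) -> bool:
    """Check format, Luhn check digit and calendar date (coordination numbers allowed)."""
    today = today or date.today()
    m = re.fullmatch(r"(\d{2})?(\d{2})(\d{2})(\d{2})([-+])?(\d{3})(\d)", value.strip())
    if not m:
        return False
    cent, yy, mm, dd, sep, serial, check = m.groups()
    if luhn_check_digit(yy + mm + dd + serial) != int(check):
        return False
    day = int(dd)
    if day > 60:
        day -= 60                      # coordination number: day of birth + 60
    if cent:
        year = int(cent + yy)
    else:
        year = today.year // 100 * 100 + int(yy)
        if year > today.year:
            year -= 100                # two-digit year cannot lie in the future
        if sep == "+":
            year -= 100                # '+' marks a person aged 100 or more
    try:
        born = date(year, int(mm), day)
    except ValueError:
        return False                   # e.g. day 32, month 13
    return born <= today

def same_identity(returned_nin: str, onboarded_nin: str) -> bool:
    """True if two representations denote the same personnummer."""
    a, b = normalize_personnummer(returned_nin), normalize_personnummer(onboarded_nin)
    return a is not None and a == b
```

Run the validation on the operator's input before calling the authentication API, and `same_identity` on the national identity number in the result before treating a returning user as the onboarded one.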

# Setup

The main setup steps for the Phone flow are:

  1. Enable it by selecting Allow Phone flow on the Dashboard configuration page.
  2. Define the phone flow parameters, sbid_auth_type (PHONE) and sbid_phone_initiator (USER or OPERATOR) in your protocol setup. For details, see the OIDC and Authentication REST API setup sections.

# Headless authentication

If you want to send headless authentication requests (typically from a backend, or from an app to a backend system) via Signicat, you must use our Authentication REST API or the OIDC CIBA protocol. For more details, see Headless authentication.

# Result with user information

The user information available after a successful authentication may differ slightly between different issuers. Important parameters are:

  • Subject (unique ID)
  • National identity number
  • Name
  • Birth date
  • Issuer

For more details, see Response examples.

Last updated: 11/04/2024 07:47 UTC